X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/287bb19883f9fba8d1b1257d010ba7e086e38df6..bd7edde9d6e871a62299a4aa04853095f194e3bf:/doc/news/version_3.20161229.mdwn

diff --git a/doc/news/version_3.20161229.mdwn b/doc/news/version_3.20161229.mdwn
index 7d96cedb9..365cb69d1 100644
--- a/doc/news/version_3.20161229.mdwn
+++ b/doc/news/version_3.20161229.mdwn
@@ -2,17 +2,17 @@ ikiwiki 3.20161229 released with [[!toggle text="these changes"]]
 [[!toggleable text="""
    * Security: force CGI::FormBuilder->field to scalar context where
      necessary, avoiding unintended function argument injection
-     analogous to [[!cve CVE-2014-1572]]. In ikiwiki this could be used to
+     analogous to [[!debcve CVE-2014-1572]]. In ikiwiki this could be used to
      forge commit metadata, but thankfully nothing more serious.
-     ([[!cve CVE-2016-9646]])
+     ([[!debcve CVE-2016-9646]])
    * Security: try revert operations in a temporary working tree before
      approving them. Previously, automatic rename detection could result in
      a revert writing outside the wiki srcdir or altering a file that the
      reverting user should not be able to alter, an authorization bypass.
-     ([[!cve CVE-2016-10026]] represents the original vulnerability.)
+     ([[!debcve CVE-2016-10026]] represents the original vulnerability.)
      The incomplete fix released in 3.20161219 was not effective for git
      versions prior to 2.8.0rc0.
-     ([[!cve CVE-2016-9645]] represents that incomplete solution.)
+     ([[!debcve CVE-2016-9645]] represents that incomplete solution.)
    * Add CVE references for CVE-2016-10026
    * Add automated test for using the CGI with git, including
      CVE-2016-10026